SMBs Aren’t As Prepared for Disaster as They Think They Are, Symantec Survey Finds

Large discrepancy between small and midsize business perceptions about disaster readiness and their actual readiness

09/29/2009

In its latest report, SMB Disaster Preparedness, Symantec says it has “uncovered a large discrepancy between how SMBs perceive their disaster readiness and their actual level of preparedness.” Their lack of preparedness comes at a high cost -- lost business.

The survey of 1,657 companies in 28 countries, conducted in August and September, targeted personnel responsible for their organization’s network and computer systems in small and midsize businesses. Thirty-five percent of respondents were from companies with 10 to 99 employees, another 35 percent came from those with 100-499 employees, and the remaining 30 percent were employees from companies that contract with SMBs for goods and services (these “customers” had a median of between 2000 and 9,999 employees).

The survey found a high degree of confidence about disaster preparedness: 82 percent say they are “somewhat/very satisfied with their disaster recovery (DR) plan,” and 84 percent claim their their “computer and technology systems are somewhat/very protected.”

Symantec asked what would happen if the SMB lost all of its computers in a disaster and had to rebuild. Two-thirds of respondents (67 percent) predict that their customers would either “wait patiently until our systems were back in place” or they “would call us to get what they could, but would wait patiently for the rest until our systems were back in place.” Symantec says that a third (34 percent) thought their customers would probably evaluate other options, including considering a competitor.

Such optimism is misplaced, the report notes: 76 percent report they live where they are susceptible to natural disasters (such as hurricanes and earthquakes), and outages or downtime and not unknown -- “the average SMB experienced three outages within the past 12 months, with the leading causes being virus or hacker attacks, power outages or natural disasters,” according to the report.

Even worse, Symantec says that almost half (47 percent) of respondents say they don’t have any plan to manage these disruptions. In backup, “SMBs again showed an alarming lack of readiness.” The survey found that the average SMB backs up only 60 percent of their company’s data, and they backup this data infrequently. “Only one in five (23 percent) back up on a daily basis and 40 percent backup monthly or less.” Furthermore, over half (55 percent) of respondents expect they’d lose 40 percent of their data “if their computing systems were wiped out in a fire.”

As to their perceptions about customer defection, Symantec’s report also found overconfidence. “Two in five (42 percent) SMB customers have actually switched vendors in the past because they felt their vendor’s computers or technology systems were unreliable.” In addition, 28 percent of customers surveyed report that one or more of their SMB vendors has shut down because of computer failure, with 42 percent of outages lasting eight hours or longer.

“The customers estimated the cost of these outages as being $15,000 per day on average.” Symantec also reports that “one third (35 percent) of the customers evaluated other vendors as a result, [and] 63 percent of the customers reported that downtime damaged their perception of the SMB vendor, further showing damage to the relationship.

The good news is that 89 percent of respondents say they are planning to create a formal disaster recovery plan in the next six months. What can companies do to mitigate such risks to their data and their reputation?

Symantec suggests four key points: Examine what critical information must be protected, look to solution providers to help them create and implement automated protection solutions, automate backups, and test the plan annually.